NIST offers guide to agencies on assessing information-security continuous monitoring programs

A new guide from the National Institute of Standards and Technology offers an approach for federal, state and local governments to use in assessing information security monitoring programs.

The guide focuses on assessing the “structure and governance” -- rather than results -- of monitoring programs as a way to identify gaps and improve overall performance. “The overarching goal of the ISCM program assessment is to provide organizations with recommendations to improve the ISCM program and thereby manage and reduce...